C O N V E N T I O N S U S E D I N T H I S U S E R ' S G U I D E; Manual Text - Novell APPARMOR Admin Manual

U s e r ' s G u i d e
Chapter 1 Introduction to Novell
AppArmor
The Novell AppArmor, powered by Immunix
designed to provide application security for both servers and worksta-
tions that is easy to use. Novell AppArmor secures applications by dif-
f e r e n t i a t i n g b e t w e e n " g o o d " a n d " b a d " b e h a v i o r s , p e r mi t t i n g t h e g o o d
and preventing the bad. This works to defend your systems without
resorting to attack signatures, and thus can prevent attacks even if
they are exploiting previously unknown vulnerabilities.
Novell AppArmor is a mandatory access control system designed for
application firewalling, Novell AppArmor lets you specify per program
which files the program may read, write, and execute.
Novell AppArmor is comprised of:
• A library of Novell AppArmor profiles for common Linux applications
describing what files the program needs to access.
• A library of Novell AppArmor profile foundation classes (profile
building blocks) needed for common application activities such as
DNS lookup and user authentication.
• A tool suite for developing and enhancing Novell AppArmor profiles,
so that you can change the existing profiles to suit your needs, and
create new profiles for your own local and custom applications.
• Several specially modified applications that are Novell AppArmor-
enabled to provide enhanced security in the form of Novell AppAr-
mo r ' s u n i q u e sub-process confinement, including Apache.
• The Novell AppArmor loadable kernel module and associated con-
trol scripts to enforce Novell AppArmor policies on your SuSE
LINUX Enterprise Server 9 systems.

C o n v e n t i o n s U s e d i n T h i s U s e r ' s G u i d e

Manual Text

When using GUIs, field names, menu and screen titles, and field val-
ues are shown as File.
4
TM
(or Novell AppArmor) is